Bug Bounty Programme Terms and Conditions

Bug Bounty Programme, the Programme – the programme implemented by GenioPay, which is applicable to persons who have discovered a security bug at GenioPay, reported it to GenioPay, and are eligible for a reward.

Bug Bounty Programme Participant, the Participant – a person who has discovered a bug in the Security system of GenioPay, reported it to GenioPay, and is eligible for a reward.

Bug – an error, malfunction, or other disruption in the programs or systems of GenioPay, which may affect GenioPay or any other system related to GenioPay, which is controlled or managed by GenioPay.

Confidential information – any information related to the GenioPay System or Clients of GenioPay, obtained by participating or intending to participate in the Bug Bounty Programme.

Client – a person who has registered and created an account in the GenioPay System.

GenioPay – GenioPay Inc., GenioPay Ltd., according to the residence country of the Client, also other legal persons that are engaged by GenioPay Inc., in providing services and are authorised to operate on behalf of GenioPay Inc.

GenioPay System – a software solution on the web pages and mobile app of GenioPay, developed by GenioPay and used to provide the services of GenioPay.

Sanctioned persons, sanctioned countries – persons or countries subjected to sanctions (restrictions of the state) by the European Union, The Office of Foreign Assets Control (OFAC) of the USA, or other relevant organisations.

  1. The Bug Bounty Programme Participant hereby confirms that they have read and agree to the present Bug Bounty Programme terms and conditions.
  2. In order to participate in the Bug Bounty Programme, the Bug Bounty Programme Participant shall comply with the following eligibility requirements:

2.1. the Bug Bounty Programme Participant shall be at least 14 years old. If the Participant is at least 14 years old, but is considered a minor in their place of residence, they must obtain consent from their parents or legal guardians prior to getting enrolled in the programme. GenioPay has the right to demand the Participant to provide written (also notarised) consent of the Participant's representatives (parents or legal guardians). If the Participant fails to provide written consent within the set period of time, GenioPay shall terminate their participation in the Programme;

2.2. the Bug Bounty Programme Participant shall adhere to regulatory legislation.

  1. In case GenioPay determines that the Bug Bounty Programme Participant has breached at least one of the criteria set out in paragraph 2, the Participant shall be removed from the Bug Bounty Programme and shall not be entitled to a reward.
  2. The Bug Bounty Programme Participant is obligated to adhere to the Confidentiality requirements – all information obtained using, participating, or intending to participate in the Programme belongs to GenioPay and shall be deemed Confidential. GenioPay reserves the right to take legal action for the use or disclosure of information related to the Programme or otherwise disseminating such information.
  3. The Bug Bounty Programme Participant shall use only their own data during participation in the Programme.
  4. The Bug Bounty Programme Participant is prohibited from:

6.1. carrying out attacks, which may harm or otherwise influence the reliability or integrity of the data or services of GenioPay;

6.2. using bug research methods that may result in customer service aggravation;

6.3. getting or using data of GenioPay Clients obtained through the participation in the Programme;

6.4. performing actions that would allow the Bug Bounty Programme Participant or any other third person to access, store, erase, or influence the data of GenioPay or its Clients in other ways;

6.5. in other ways causing interruptions in the GenioPay System, disrupting the activity of GenioPay Clients in the System, exploiting a Bug in pursuit of own benefits, or violating legal requirements.

  1. A reward to the Bug Bounty Programme Participant is paid in proportion to the severity of the Bug.
  2. Only Bugs acknowledged by GenioPay are rewarded.
  3. A reward is paid for a Bug, which:

9.1. is discovered for the first time and had not been reported or known before;

9.2. is discovered remotely, or provides an opportunity to escalate or get new privileges in regard to the GenioPay System, or may cause a leak of confidential information of GenioPay or its Clients.

  1. A reward is paid in the currency of euro.
  2. When a Bug is reported by two or more persons within 24 hours, the reward is split between the persons.
  3. A reward for reporting a Bug shall be transferred only to an identified GenioPay account of the Participant.
  4. At the request of the Bug Bounty Programme Participant, the reward may be donated to Greenpeace, the Red Cross, or Caritas.
  5. The Bug Bounty Programme Participant is responsible for paying all the taxes that may be applicable in their country of residence from the reward paid out for the participation in the Bug Bounty Programme. If the Bug Bounty Programme Participant is a citizen of the United Kingdom, the reward shall be paid by deducting taxes prior to payout.
  6. The Bug Bounty Programme Participant agrees to provide GenioPay with their personal and contact details (name, surname, personal identification number, citizenship, residential address, bank account number) in order for GenioPay to pay the reward for their participation in the Bug Bounty Programme in accordance with the requirements of GenioPay, and perform other actions set out by legislation.
  7. The Participant agrees that GenioPay will process the provided data in order to pay a reward for participation in the Programme. GenioPay ensures the security of the data obtained through the Bug Bounty Programme Participant's participation in the Programme. The personal data shall be used to the extent it is required in order to implement the present Terms and Conditions. The personal data referred to in paragraph 15 of the Terms and Conditions may not be disclosed without the consent of the Participant, except in cases established by law or these Terms and Conditions.
  8. The retention period for the data of the Bug Bounty Programme Participant is 10 (ten) years, unless a longer retention period is required by legal acts. Upon expiration of the Participant's data retention period, GenioPay shall erase the data.
  9. GenioPay has the right to transfer information about the Participant and their activities to public authorities (e.g. for tax purposes), if such obligation is determined by legislation.
  10. The Bug Bounty Programme Participant who is a sanctioned person or a citizen of a sanctioned country can participate in the Programme on a reimbursable basis, or their reward may be donated to the charity organisations referred to in paragraph 13 of the present Terms and Conditions.